Facebook has addressed a major security issue in its Messenger for Android app that could have allowed threat actors to spy on users by placing and connecting Messenger audio calls without their interaction.
The vulnerability was discovered by white-hat hacker Natalie Silvanovich, from Google’s Project Zero team.
The flaw resides in the Session Description Protocol (SDP) of WebRTC protocol, which is implemented in the Messenger app to support audio and video calls.